Problems with postfix and authentication...

I’m trying to get postfix SMTP working and I’m just having a hell of a time. I just really don’t know where to start on getting it configured correctly, which is why I’m getting ‘relay access denied’ errors.

Is there a walkthrough somewhere on getting postfix authentication working with virtualmin/unix users?
My configuration file is WAY too simple to be doing anything effectively, but I’m not entirely sure what to add in it :slight_smile:

Any help here is appreciated.
Kevin

OK, an update here. I just found the instructions at

http://www.virtualmin.com/faq/one-faq?faq_id=1511#33021

I followed them to a T and they helped a lot. Now, instead of instantly being denied because of relay problems, it asks me for my password. But it never lets me log in. It takes probably 10 seconds probably to ask for a password, but once I enter it, it never accepts it.

I can post any configuration files or settings here that you guys need…just let me know.
Kevin

OK - figured out what the issue is:

If I log in with: kevin-thatscriptguy.com it works perfectly. But due to the fact that I’m moving a ton of cpanel accounts over, I need it to instead accept user@domain.

I’m sure this is a simple setting somewhere in postfix…hopefully :slight_smile:

I don’t see any recipient restrictions…which defaults to mostly rejecting everything except localhost. There may be something else, but that’ll definitely prevent anything good.

smtpd_recipient_restrictions = permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination

Yeah - I had forgotten to add those lines back in after accidentally clearing them. I have a feeling that once I’m able to actually connect, I’ll be able to login…but for some reason, telnet localhost 25 is refused immediately (used to work just fine)

Postfix is up and running and as of right now there is no firewall on the system. Any ideas as to why I can’t connect to port 25?

Kevin

Hey Kevin,

What’s in the maillog when you try to connect? And how about when you restart postfix? It’s always useful to know what Postfix thinks is going on.

Also:

inet_interfaces = localhost

Isn’t going to work except locally (this is saying “listen only on the localhost, or 127.0.0.1, address”). Change it to all.

If changing that doesn’t help, and if you can’t make sense of what’s in the maillog, send along a few lines of it. Also, resend the postfix configuration without comments. You can get it by running the postconf command (this also includes default settings not explicitly set in the main.cf file, but that’s alright).

Postfix configuration:

http://www.thatscriptguy.com/postconf.txt

Where is the error log for postfix located at?

I’ve messed with it for the past few hours and I’ve still got nothing. And I still don’t know where that error log is at…

grrr

Eh…I’ve looked in /var/log a million times and kept missing maillog…tiredness causes problems sometimes…

I was able to decipher the error log and now the machine is receiving mail again…that’s a good sign :slight_smile:
However, the error log is showing the following one thing that’s tripping me up…

warning: do not list domain thatscriptguy.com in BOTH mydestination and virtual_alias_domains

In the configuration file, mydestination doesn’t list thatscriptguy.com and I don’t even have a section listing virtual_alias_domains…??

Also, Joe, or anyone else…I can still only authenticate using user-domain to log in for SMTP. When I do this, it works wonderfully, but I really need to be able to log in with user@domain…

Also, Joe, or anyone else…I can still only authenticate using user-domain to log in for SMTP. When I do this, it works wonderfully, but I really need to be able to log in with user@domain

Check the FAQ again. :wink:

This one is covered:

http://www.virtualmin.com/faq/one-faq?faq_id=1511#51230

You’re looking for the second paragraph about Cyrus saslauthd.

Hey Kevin,

warning: do not list domain thatscriptguy.com in BOTH mydestination and virtual_alias_domains

Give your system a full name (www.thatscriptguy.com, or whatever), or remove $myhostname/$mydomain from mydestination. It’s set by default to:

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

You’d rip out the two $my* variables.

Thanks a ton Joe! I can now authenticate using user@domain!

NOW, however, I’ve messed up the receiving end again. (I just can’t get anything to work…grr…)
This one seems simple though…

If I send a mail to kevin@thatscriptguy.com, it now bounces with the following error:

kevin-thatscriptguy.com@thatscriptguy.com (expanded from
kevin@thatscriptguy.com): User unknown in virtual alias table

Final-Recipient: rfc822; kevin-thatscriptguy.com@thatscriptguy.com
Original-Recipient: rfc822;kevin@thatscriptguy.com
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; User unknown in virtual alias table

You know what the deal is with this one?

Also Joe, one more tiny thing (we’re getting there, I promise…)

If I try to receive mail for an additional domain, I get a BadMailboxName error…
Any tips on that?

Hey Kevin,

If I try to receive mail for an additional domain, I get a BadMailboxName error…
Any tips on that?

Same as always:

Look in maillog, and if you’re unsure what to make of it, send the relevant entries along to us here. I’ve never seen a “BadMailboxName” error…not sure where that would be coming from…but if I see the entries from the maillog, I’ll be able to guide you.

Here is the tail end of the log right after I attempted login…

Mar 6 17:22:39 thatscriptguy dovecot: imap-login: Login: user=<kevin@billiardstalk.com>, method=PLAIN, rip=168.144.108.19, lip=66.90.121.92
Mar 6 17:22:39 thatscriptguy dovecot: IMAP(kevin@billiardstalk.com): Disconnected
Mar 6 17:22:40 thatscriptguy dovecot: imap-login: Login: user=<kevin@billiardstalk.com>, method=PLAIN, rip=168.144.108.19, lip=66.90.121.92
Mar 6 17:22:40 thatscriptguy dovecot: IMAP(kevin@billiardstalk.com): open() failed with mbox file /var/mail/kevin-billiardstalk.com: Permission denied
Mar 6 17:22:40 thatscriptguy dovecot: IMAP(kevin@billiardstalk.com): Disconnected

The permissions for kevin-billiardstalk.com are the same as kevin-thatscriptguy.com (user is different but group is the same…)

Kevin

Once again I figured it out…
For some reason (bug in virtualmin I assume) kevin-billiardstalk.com was owned by larrycms.com:mail…

One last tiny thing is still not working, and that’s that postfix is for some reason adding @thatscriptguy.com to the end of all email addresses (IE: I send mail to kevin@billiardstalk.com and it turns it into kevin-billiardstalk.com@thatscriptguy.com and of course that bounces…)

Where is the setting that controls these rewrites? Once this is solved I’ll be a happy man :slight_smile:

Thanks

WOO HOO! I fixed my own problems (bet Joe is glad to hear that)

For future reference, I changed my mydestination line to the following:

mydestination = localhost.$mydomain, localhost, $mydomain, $myhostname

This fixed all of my issues completely. I can send internal mail and all of those other goodies that weren’t working before…awesome

I suspect you’ve got myorigin set. If everything else is right, you don’t need (and don’t want, because it’ll behave as you’ve described) this option set.

Nope - myorigin lines are commented out. Fixing that one line fixed everything for me…